File http-brute
Script types:
portrule
Categories:
intrusive, brute
Download: http://nmap.org/svn/scripts/http-brute.nse
User Summary
Performs brute force password auditing against http basic authentication.
Script Arguments
http-brute.hostname
sets the host header in case of virtual hosting
http-brute.method
sets the HTTP method to use (default: GET)
http-brute.path
points to the path protected by authentication (default: /)
passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb
See the documentation for the unpwdb library.http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent
See the documentation for the http library.smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.Example Usage
nmap --script http-brute -p 80 <host> This script uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are stored in the nmap registry, under the nmap.registry.credentials.http key for other scripts to use.
Script Output
PORT STATE SERVICE REASON
80/tcp open http syn-ack
| http-brute:
| Accounts
| Patrik Karlsson:secret => Valid credentials
| Statistics
|_ Perfomed 60023 guesses in 467 seconds, average tps: 138
Summary
-------
x The Driver class contains the driver implementation used by the brute
library
Requires
Author: Patrik Karlsson, Piotr Olma
License: Same as Nmap--See http://nmap.org/book/man-legal.html